[kernel] r15560 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Apr 27 05:40:05 UTC 2010
Author: dannf
Date: Tue Apr 27 05:40:01 2010
New Revision: 15560
Log:
tty: release_one_tty() forgets to put pids (CVE-2010-1162)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tty-release_one_tty-forgets-to-put-pids.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/21lenny5
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Tue Apr 27 05:38:06 2010 (r15559)
+++ dists/lenny-security/linux-2.6/debian/changelog Tue Apr 27 05:40:01 2010 (r15560)
@@ -8,6 +8,7 @@
by an invalid Payload Pointer (CVE-2010-1086)
* NFS: Fix an Oops when truncating a file (CVE-2010-1087)
* fix LOOKUP_FOLLOW on automount "symlinks" (CVE-2010-1088)
+ * tty: release_one_tty() forgets to put pids (CVE-2010-1162)
[ Ben Hutchings ]
* [x86] KVM: disable paravirt mmu reporting (Closes: #573071) (regressed
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tty-release_one_tty-forgets-to-put-pids.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tty-release_one_tty-forgets-to-put-pids.patch Tue Apr 27 05:40:01 2010 (r15560)
@@ -0,0 +1,29 @@
+commit b5662617959ef558e1130a250a88f9f189cb1bae
+Author: Oleg Nesterov <oleg at redhat.com>
+Date: Fri Apr 2 18:05:12 2010 +0200
+
+ tty: release_one_tty() forgets to put pids
+
+ release_one_tty(tty) can be called when tty still has a reference
+ to pgrp/session. In this case we leak the pid.
+
+ Signed-off-by: Oleg Nesterov <oleg at redhat.com>
+ Reported-by: Catalin Marinas <catalin.marinas at arm.com>
+ Reported-and-tested-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
+ Acked-by: Linus Torvalds <torvalds at linux-foundation.org>
+ Acked-by: Eric W. Biederman <ebiederm at xmission.com>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
+index a51374e..60b691e 100644
+--- a/drivers/char/tty_io.c
++++ b/drivers/char/tty_io.c
+@@ -2342,6 +2342,8 @@ static void release_one_tty(struct tty_struct *tty, int idx)
+ list_del_init(&tty->tty_files);
+ file_list_unlock();
+
++ put_pid(tty->pgrp);
++ put_pid(tty->session);
+ free_tty_struct(tty);
+ }
+
Modified: dists/lenny-security/linux-2.6/debian/patches/series/21lenny5
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/21lenny5 Tue Apr 27 05:38:06 2010 (r15559)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny5 Tue Apr 27 05:40:01 2010 (r15560)
@@ -8,3 +8,4 @@
+ bugfix/all/dvb-core-fix-dos-in-ule-decapsulation.patch
+ bugfix/all/nfs-fix-an-oops-when-truncating-a-file.patch
+ bugfix/all/fix-LOOKUP_FOLLOW-on-automount-symlinks.patch
++ bugfix/all/tty-release_one_tty-forgets-to-put-pids.patch
More information about the Kernel-svn-changes
mailing list